The cost of cybercrime continues to rise, driven by increasingly sophisticated cybercriminals and a growing pool of new and often unsophisticated internet users, according to a new report from internet security firm McAfee and the Center for Strategic and International Studies.

“Cybercrime is relentless, undiminished, and unlikely to stop. It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low,” the report states.

The report, “Economic Impact of Cybercrime—No Slowing Down,” estimates cybercrime costs the global economy $600 billion a year, or 0.8 percent of global GDP, up from $500 billion in 2014.

It lists five trends that are most responsible for the increase:

  • Cybercriminals adopting new technologies.
  • Growth in new internet users, often from countries with weak cybersecurity.
  • The rise and growth of Cybercrime-as-a-Service.
  • Growth in cybercrime “centers” such as Brazil, India, North Korea, and Vietnam.
  • Improved black markets and digital currencies facilitating monetization of stolen data.

Security magazine also published a summary of the report.

The Financial Times reports that many nonprofits are vulnerable to cyberattacks.

Many charities simply don’t want to invest time and money defending against hackers. A 2016 study found about half of nonprofits had not conducted a cyber risk assessment, and two thirds had no plans to increase spending on data security. But hackers don’t give nonprofits a pass. The article tells the story of a small, Indianapolis, Indiana-based cancer charity that lost all its client data in a ransomware attack.

“While it is not surprising that charities want to spend scarce resources on housing the homeless or feeding the hungry, some argue that those very services could be at risk if they fail to invest in cyber security tools and practices,” according to The Financial Times report.

Industry publication Data Breach Today reports hackers are increasingly exploiting weak Remote Desktop Protocol (RDP) credentials to launch ransomware attacks.

“Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices,” reports Executive Editor Mathew J. Schwartz. “But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.” RDP credentials have long been used to launch distributed denial of service (DDoS) and malware attacks. Investigators recently found RDP credentials for sale for as little as $3.

To thwart hackers, experts told Data Breach Today, companies should use strong RDP passwords to stop brute-force attacks, keep an eye out for unusual network behavior and audit ports to prevent open and unsecured RDP or SSH ports.
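One way to watch for the brute-force pattern behind that advice, as an added example that is not from the article or the experts it quotes: count failed RDP logons per source address in a sliding window and note any successful logon that follows a burst. The sample records are constructed; event IDs 4625/4624 and logon types 3/10 are the Windows Security log values for failed/successful logons over the network and RDP, and the threshold and window are assumptions to tune.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs):
# (time, Security event ID, logon type, source IP, account)
SAMPLE_EVENTS = [
    ("2018-03-01T02:10:00", 4625, 3, "203.0.113.7", "administrator"),
    ("2018-03-01T02:10:05", 4625, 3, "203.0.113.7", "admin"),
    ("2018-03-01T02:10:09", 4625, 3, "203.0.113.7", "administrator"),
    ("2018-03-01T02:10:14", 4625, 3, "203.0.113.7", "backup"),
    ("2018-03-01T02:10:20", 4625, 3, "203.0.113.7", "administrator"),
    ("2018-03-01T02:10:31", 4624, 10, "203.0.113.7", "administrator"),
    ("2018-03-01T08:59:00", 4625, 2, "127.0.0.1", "jsmith"),       # console, ignored
    ("2018-03-01T09:00:00", 4625, 10, "198.51.100.20", "jsmith"),  # one typo
    ("2018-03-01T09:00:20", 4624, 10, "198.51.100.20", "jsmith"),
]

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624
RDP_LOGON_TYPES = {3, 10}  # 3 = network (RDP with NLA), 10 = RemoteInteractive


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failed RDP logons inside the window.

    Each alert also records the first account that logged on successfully
    from that source after the burst, which is the case to escalate.
    """
    recent = defaultdict(deque)  # source IP -> times of failures still in window
    alerts = {}                  # source IP -> alert record
    for ts, event_id, logon_type, src, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        fails = recent[src]
        while fails and when - fails[0] > window:
            fails.popleft()      # expire failures older than the window
        if event_id == FAILED_LOGON:
            fails.append(when)
            if len(fails) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "first_alert": ts,
                               "logon_after_burst": None}
        elif event_id == SUCCESSFUL_LOGON and src in alerts:
            if alerts[src]["logon_after_burst"] is None:
                alerts[src]["logon_after_burst"] = user
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert whose `logon_after_burst` field is set means a guessed password probably worked, so that account and host should be treated as compromised rather than merely probed.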

For small and medium-sized businesses, the most dangerous cyberthreat may come from within.

IT industry publication TechRepublic reports that a newly released study by Keeper Security and the Ponemon Institute suggests careless employees are at fault for the majority of data breaches at small and mid-sized businesses. The study surveyed 1,000 information technology professionals in the United Kingdom and North America. Some 54 percent listed employee negligence as the root cause of cybersecurity incidents, followed by insufficient password policies.

A stunning 50 percent said they had suffered ransomware attacks in the past year. Of those, 79 percent said ransomware entered via a phishing or social engineering attack.


Cybercrooks’ preferred path to critical data is through privileged accounts, those held by users who have broad access and powers within the target’s network.

That’s according to a recent survey conducted by the cybersecurity firm Thycotic at the recent Black Hat conference in Las Vegas, reported Infosecurity Magazine.  About a third of respondents named privileged accounts the fastest and easiest path to critical data, while user email accounts were a close second at 27 percent.

Some 85 percent said human error, not inadequate security or unpatched software, was most to blame for security breaches.

Hackers’ biggest headaches? Multifactor authentication and encryption, according to the survey.

A German cybersecurity firm reports that manufacturers have become a top target of cybercriminals.

The NTT Security Global Threat Intelligence Center (GTIC) Quarterly Threat Intelligence Report for the second quarter of 2017 notes that manufacturers were targeted in 34 percent of incidents, the highest of any industry segment. About a third of those incidents involved “reconnaissance,” which suggests the industry is still in hackers’ sights. “If trends from the past few years continue, this probably indicates that attacks and malware are likely to increase in manufacturing organizations in the second half of 2017,” according to the report.

The report also noted a 24 percent increase in attacks on NTT clients in the second quarter and that cybercriminals’ go-to attack vector has been “phishing emails with malicious attachments containing PowerShell commands in VBA macros.”


Computer networking giant Cisco says the recent WannaCry and Petya/NotPetya incidents signal the advent of a new generation of cyberattacks that is aimed more at mass disruption than financial gain. The new breed of “Destruction of Service” attacks will only grow more sophisticated and potent, the company says in its Cisco 2017 Midyear Cybersecurity Report.

The report warns that cybercriminals “now have the ability—and often now, it seems, the inclination—to lock systems and destroy data as part of their attack process.” The report, released July 20, also lays out new threats posed by the growing network of connected devices known as the “Internet of Things” and examines hackers’ continued use of Business Email Compromise (BEC) attacks, which it says accounted for $5.3 billion in cybertheft between 2013 and 2016.

Yesterday, a massive ransomware attack now known as “Petya” spread across the globe in a similar fashion to the WannaCry cyberattack in May. In an Alert today, Fox Chief Privacy Officer and Partner Mark McCreary breaks down what we know about the attack, how to address it if your organization falls victim to it, and how to minimize the risks of future attacks:

Yesterday’s worldwide cyberattack once again exploited a vulnerability that has been known to experts for many months. These attacks are sure to continue and the best defense is knowledge. Awareness of how malware works and employee training to avoid the human error that may trigger an infection can prevent your organization from becoming a victim.

This latest ransomware variant, referred to as “Petya,” is similar in many respects to the “WannaCry” ransomware that affected hundreds of thousands of computers in mid-May, using the same Eternal Blue exploit to infect computers. The purpose of this Alert is to provide you some information believed or known at this time.

How Is a Computer Infected?

Experts believe the Petya malware is delivered in a Word document attached to an email. Once initiated by opening the Microsoft Word document, an unprotected computer becomes infected and the entire hard drive on that computer is encrypted by the program. This is notably different from WannaCry, which encrypted only files.

Once Petya is initiated, it begins seeking other unprotected computers in the same network to infect. It is not necessary to open the infected Microsoft Word document on each computer. An infection can occur by the malware spreading through a network environment.

To read Mark’s full discussion of the Petya attack, please visit the Fox Rothschild website.

Mark also notes that “I continue to stress to clients that in addition to hardening your IT resources, the absolute best thing your business can do is train employees how to detect and avoid malware and phishing.  In-person, annual privacy and security training is the best way to accomplish this.”

Yesterday we witnessed new ransomware spread across the world with incredible speed and success, bringing businesses to their knees, with home users learning for the first time about ransomware and why computer backups are so important.

With over 123,000 computers infected, experts believe the “WannaCrypt/WannaCry/WCry” attacks have stopped after researchers registered a domain that the software checks before encrypting.  However, nothing is stopping someone from revising the software to not require that check and releasing it into the wild.  In other words, do not expect the infections to stop.

To battle the malicious software, Microsoft took the highly unusual step of issuing updates for versions of Windows that have reached their end of life and otherwise are not supported (e.g., Windows XP, Windows 8, and Windows Server 2003). WannaCrypt/WannaCry/WCry did not even try to target Windows 10 machines, but that does not mean Windows 10 machines cannot be affected and encrypted by the ransomware. The blog describing Microsoft’s efforts can be found here and is worth reading. Although your business may normally take a wait-and-see approach to software updates to avoid conflicts with other programs, this is a situation in which you should fast-track that process.

If there is any silver lining here, it is that it may lead more organizations to focus harder on computer security and efforts to battle malicious attacks similar to WannaCrypt/WannaCry/WCry. Having seen firsthand from clients the panic and feeling of helplessness caused by WannaCrypt/WannaCry/WCry in mere hours, it seems likely that companies are starting to better understand the risk, loss of productivity and costs that can be associated with a ransomware attack.

Below is a screenshot of the WannaCrypt/WannaCry/WCry software on an infected machine.  (Note the financial aid offer in the last line of the “Can I Recover My Files?” paragraph.  The bad guys must have a public relations firm!)

[Screenshot: wannacrypt]

Ransomware attacks are becoming more common. In a typical attack, cyber criminals use a type of malware that effectively takes a computer system hostage by blocking access to the system until a ransom demand is paid. One of the latest victims, Hollywood Presbyterian Medical Center in Los Angeles, made headlines when it opted to pay ransom to end a 10-day lock of its computer system, including its electronic medical records system.

Some ransomware programs display an official-looking legal warning on the victim’s screen, purporting to notify the user that they committed a crime and demanding a payment to avoid legal prosecution or jail. These attacks are especially worrisome for hospitals that use electronic medical records because they effectively paralyze the entire system. During the lockout period, HPMC was forced to create paper records and use fax machines to transmit information. Some emergency patients were sent to other hospitals.

Hospitals are especially vulnerable to these attacks. Medical systems often rely on outdated software and some medical devices – such as MRI machines, fetal monitors, and IV pumps – have embedded software that uses older programs with unpatched bugs vulnerable to cyberattacks.

Ultimately, HPMC made a ransom payment of 40 bitcoins, currently worth about $17,000. The hospital’s executives concluded that paying off the criminals was the most cost-effective way to resume normal operations. When it publicly disclosed the attack, HPMC also declared that none of its patient records were breached.

Law enforcement officials and cybersecurity experts are encouraging victims of ransomware attacks to resist paying. The rationale is that every capitulating victim helps to create a culture of acquiescence that encourages more attacks and escalating ransom demands.

The vast majority of ransomware incidents can be traced to phishing attacks – a link sent by email that is inadvertently clicked on by someone. Thus cybersecurity training and efforts to increase awareness are the most effective and cost-efficient means of defending your business.

But while prevention is key, it’s also vitally important to be proactive and create a breach response plan for mitigating the effects of any attack in the future.